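/**
 * Process the account settings form posted by the logged-in user.
 *
 * The current password is verified first: through RiverID when
 * $this->riverid_auth is set, otherwise against the locally stored hash.
 * Password, email and nickname changes are then handled in that order.
 * An email change is never applied here; it is only requested, and takes
 * effect once the emailed token has been validated elsewhere.
 *
 * On failure $this->errors is set and the method returns without
 * redirecting. On success the messages are stored in the session and the
 * request is redirected to the account's settings page.
 *
 * NOTE(review): the steps are not atomic. A RiverID password change or a
 * nickname save that has already succeeded is not rolled back when a later
 * step fails, so the user can see an error after a partial update.
 *
 * @return void
 */
private function _update_settings()
{
    // A missing or non-string field is treated as an empty password, so the
    // request fails the check below instead of raising an undefined-index error.
    $current_password = (isset($_POST['current_password']) and is_string($_POST['current_password']))
        ? $_POST['current_password']
        : '';

    // Re-authenticate before any change is made.
    if ($this->riverid_auth) {
        $response = RiverID_API::instance()->signin($this->user->email, $current_password);
        $validated = ( ! empty($response) and ! empty($response['status']));
    } else {
        // Compare the hashes as strings. A loose == lets PHP treat two
        // numeric-looking hashes (for example "0e...") as equal numbers, and
        // it is not constant-time. hash_equals() is used where available.
        $stored_hash = (string) $this->user->password;
        $supplied_hash = (string) Auth::instance()->hash($current_password);
        $validated = function_exists('hash_equals')
            ? hash_equals($stored_hash, $supplied_hash)
            : $supplied_hash === $stored_hash;
    }

    if ( ! $validated) {
        $this->errors = __('Current password is incorrect');
        return;
    }

    $messages = array();

    // Password is changing
    if ( ! empty($_POST['password']) || ! empty($_POST['password_confirm'])) {
        $post = Model_Auth_User::get_password_validation($_POST);
        if ( ! $post->check()) {
            $this->errors = $post->errors('user');
            return;
        }

        // Are we using RiverID?
        if ($this->riverid_auth) {
            $resp = RiverID_API::instance()->change_password(
                $this->user->email,
                $current_password,
                $_POST['password']
            );
            if (empty($resp['status'])) {
                $this->errors = isset($resp['error']) ? $resp['error'] : __('Error');
                return;
            }

            // For API calls below, use this new password
            $current_password = $_POST['password'];

            // RiverID owns the credential, so keep it out of the local update.
            unset($_POST['password'], $_POST['password_confirm']);
        }
    }

    // Email address is changing
    if (isset($_POST['email']) and $_POST['email'] !== $this->user->email) {
        $new_email = $_POST['email'];

        // Reject array-valued input as well as malformed addresses.
        if ( ! is_string($new_email) or ! Valid::email($new_email)) {
            $this->errors = __('Invalid email address');
            return;
        }

        if ($this->riverid_auth) {
            // RiverID email change process. The view is bound by reference,
            // so it picks up $secret_url once it is assigned on the next line.
            $mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
            $secret_url = URL::site(
                'login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/%token%',
                TRUE,
                TRUE
            );
            $site_email = Kohana::$config->load('useradmin.email_address');
            $mail_subject = __(
                ':sitename: Email Change',
                array(':sitename' => Model_Setting::get_setting('site_name'))
            );
            $resp = RiverID_API::instance()->change_email(
                $this->user->email,
                $new_email,
                $current_password,
                $mail_body,
                $mail_subject,
                $site_email
            );
            if (empty($resp['status'])) {
                $this->errors = isset($resp['error']) ? $resp['error'] : __('Error');
                return;
            }
        } else {
            // Make sure the new email address is not yet registered
            $user = ORM::factory('user', array('email' => $new_email));
            if ($user->loaded()) {
                $this->errors = __('The new email address has already been registered');
                return;
            }

            $auth_token = Model_Auth_Token::create_token(
                'change_email',
                array('new_email' => $new_email, 'old_email' => $this->user->email)
            );
            if ( ! $auth_token->loaded()) {
                $this->errors = __('Error');
                return;
            }

            // Send an email with a secret token URL
            $mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
            $secret_url = URL::site(
                'login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/' . $auth_token->token,
                TRUE,
                TRUE
            );

            // Send email to the user using the new address.
            // NOTE(review): only the new address is mailed here. Consider also
            // notifying the old address so the owner can spot an unwanted change.
            $mail_subject = __(
                ':sitename: Email Change',
                array(':sitename' => Model_Setting::get_setting('site_name'))
            );
            Swiftriver_Mail::send($new_email, $mail_subject, $mail_body);

            $messages[] = __("A confirmation email has been sent to :email", array(':email' => $new_email));
        }

        // Don't change email address immediately.
        // Only do so after the tokens sent above are validated
        unset($_POST['email']);
    } // END if - email address change

    // Nickname is changing. A missing or non-string value means "no change".
    $nickname = (isset($_POST['nickname']) and is_string($_POST['nickname']))
        ? $_POST['nickname']
        : NULL;
    if ($nickname !== NULL and $nickname !== $this->user->account->account_path) {
        // Make sure the account path is not already taken
        $account = ORM::factory('account', array('account_path' => $nickname));
        if ($account->loaded()) {
            $this->errors = __('Nickname is already taken');
            return;
        }

        // NOTE(review): no format or length check on the nickname is visible
        // here, yet it becomes a URL path segment (see the redirect below).
        // Confirm that the account model restricts it.
        $this->user->account->account_path = $nickname;
        $this->user->account->save();
    }

    // Only 'name', 'password' and 'email' are passed on from $_POST.
    $this->user->update_user($_POST, array('name', 'password', 'email'));

    $messages[] = __("Account settings were saved successfully.");
    Session::instance()->set("messages", $messages);
    $this->request->redirect(URL::site($this->user->account->account_path . '/settings'));
}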
/**
 * Start a password reset for an account that uses ORM authentication.
 *
 * Creates a 'password_reset' token carrying the address. When the token
 * was created, a message containing the link login/reset/<email>/<token>
 * is mailed to that address.
 *
 * NOTE(review): nothing here checks that $email belongs to an existing
 * account; presumably the caller does so. Confirm. Token lifetime and
 * single-use handling live in Model_Auth_Token, which is not visible here.
 *
 * @param  string $email Address the reset link is sent to
 * @return array  array('messages' => array(...)) when the mail was handed
 *                to Swiftriver_Mail, array('errors' => array(...)) when no
 *                token could be created
 */
private static function password_reset_orm($email)
{
    $reset_token = Model_Auth_Token::create_token('password_reset', array('email' => $email));

    // Without a stored token there is nothing to mail.
    if ( ! $reset_token->loaded()) {
        return array('errors' => array(__('Error')));
    }

    // The view holds a reference to $secret_url, so the value assigned on
    // the following line is what the template sees when it renders.
    $mail_body = View::factory('emails/resetpassword')->bind('secret_url', $secret_url);
    $secret_url = url::site('login/reset/' . urlencode($email) . '/' . $reset_token->token, TRUE, TRUE);

    $site_name = Model_Setting::get_setting('site_name');
    Swiftriver_Mail::send(
        $email,
        __(':sitename: Password Reset', array(':sitename' => $site_name)),
        $mail_body
    );

    return array(
        'messages' => array(
            __('An email has been sent with instructions to complete the password reset process.'),
        ),
    );
}
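/**
 * Notify bucket owners and followers of a new comment
 *
 * Renders the text and HTML comment templates once and mails them to the
 * bucket owner, its collaborators and its followers. The comment author is
 * skipped, and an address that appears in several of those groups is mailed
 * only once. When a 'bucket-comment' token can be created, a Reply-To
 * address of the form bucket-comment-<token>@<comments domain> is added.
 *
 * NOTE(review): the reply token is bound only to the bucket id and is shared
 * by every recipient of this notification. Confirm that whatever handles
 * mail sent to the Reply-To address authenticates the sender by other means.
 *
 * @param  object $comment Comment record; user, bucket_id, id and
 *                         comment_content are read from it
 * @param  object $bucket  Bucket record the comment was posted to
 * @return void
 */
public static function notify_new_bucket_comment($comment, $bucket)
{
    $author = $comment->user;

    $html = View::factory('emails/html/comment');
    $text = View::factory('emails/text/comment');
    $html->is_drop = $text->is_drop = FALSE;
    $html->from_name = $text->from_name = $author->name;
    $html->avatar = Swiftriver_Users::gravatar($author->email, 80);
    $html->from_link = URL::site($author->account->account_path, TRUE);
    $html->asset = $text->asset = 'bucket';
    $html->asset_name = $text->asset_name = $bucket->bucket_name;
    $html->asset_link = $text->asset_link = URL::site($bucket->get_base_url(), TRUE);
    $html->link = $text->link = URL::site($bucket->get_base_url() . '/discussion#comment-' . $comment->id, TRUE);
    $text->comment = $comment->comment_content;

    // NOTE(review): the HTML body is whatever the Markdown transform returns
    // for user-written content. Confirm that the transform, or the template,
    // neutralises raw HTML before it reaches recipients' mail clients.
    $html->comment = Markdown::instance()->transform($comment->comment_content);

    $subject = __(
        ':from commented on the ":name" bucket.',
        array(":from" => $author->name, ":name" => $bucket->bucket_name)
    );
    // Both names are user-supplied. Swiftriver_Mail::send() is not visible
    // here, so fold line breaks rather than rely on it to do so.
    $subject = preg_replace('/[\r\n]+/', ' ', $subject);

    // Add owner of the bucket first
    $emails = array($bucket->user->email);

    // Then collaborators
    foreach ($bucket->get_collaborators(TRUE) as $collaborator) {
        $emails[] = $collaborator['email'];
    }

    // Then followers
    foreach ($bucket->subscriptions->find_all() as $follower) {
        $emails[] = $follower->email;
    }

    $text_body = $text->render();
    $html_body = $html->render();

    // The display name is user-controlled and is concatenated into a raw
    // From header. Replace control characters (including CR/LF) and escape
    // the characters that could close the quoted string, so the name cannot
    // add headers or change the visible sender address.
    $display_name = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $author->name);
    $display_name = addcslashes($display_name, '"\\');
    $from = '"' . $display_name . '" <notifications@' . Swiftriver_Mail::get_email_domain() . '>';

    // Only advertise a reply address when the token was actually stored;
    // otherwise the address would carry an empty token.
    $token = Model_Auth_Token::create_token('bucket-comment', array('bucket_id' => $comment->bucket_id));
    $headers = array();
    if ($token->loaded()) {
        $headers['Reply-To'] = 'bucket-comment-' . $token->token . '@' . Swiftriver_Mail::get_comments_email_domain();
    }

    $author_email = (string) $author->email;

    // An owner or collaborator may also follow the bucket; mail each address once.
    foreach (array_unique($emails) as $email) {
        $email = (string) $email;
        if ($email === '' or $email === $author_email) {
            continue;
        }

        Swiftriver_Mail::send($email, $subject, $text_body, $html_body, $from, $headers);
    }
}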